secureplanetio (OP)
Newbie
Offline
Activity: 48
Merit: 0
|
|
December 04, 2018, 11:46:40 PM |
|
Will the incentive for new vulnerability discoveries, the award, or the amount of tokens to be gained, be consistent with the complexity of the vulnerability encountered?
The amount of tokens Secure Planet awards to contributors will vary depending on each individual case. Two major factors will determine the amount of awarded tokens. They are as follows: - Popularity of the open source software containing the vulnerability - the higher the usage and/or adoption rate of the open source project, the higher the token amount
- Vulnerability severity ranking - the more critical the vulnerability, the higher the token amount
Who decides whether a discovered vulnerability is severe or not? That's a process that can hardly be judged highly objectively. What does the scale for the ranking look like? The severity of the security vulnerabilities, like the reporting of vulnerabilities themselves, will be determined through a crowdsourced voting process. Voting will take place for ten days and contributors must vote for one of two outcomes: 1) yes, the vulnerability is accurate and should be included in the database, or 2) no, the vulnerability not accurate and should be rejected from the database. The “Yes” voters must also assign the “Vulnerability Score” using the CVSS calculator at https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L. Their submissions will be averaged out to derive the official Vulnerability Score. Once Secure Planet reveals the majority vote, the verifiers who voted on the winning outcome will be rewarded with SPX and Rep Tokens. Verifiers who chose the losing vote will lose Rep Tokens and receive no SPX. Does anyone hold a majority in the network in the beginning or is the network more or less evenly distributed? For the on-chain network, we are building our DApp on an existing platform. As a result, the network distribution will reflect the platform’s policies. As for the off-chain server, we are leveraging our partnerships to host it. The network will be evenly distributed among partners, and we plan to increase our partnerships.
|
|
|
|
|
|
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
|
|
|
|
|
lilaj4de
|
|
December 06, 2018, 02:26:04 AM |
|
Will the incentive for new vulnerability discoveries, the award, or the amount of tokens to be gained, be consistent with the complexity of the vulnerability encountered?
The amount of tokens Secure Planet awards to contributors will vary depending on each individual case. Two major factors will determine the amount of awarded tokens. They are as follows: - Popularity of the open source software containing the vulnerability - the higher the usage and/or adoption rate of the open source project, the higher the token amount
- Vulnerability severity ranking - the more critical the vulnerability, the higher the token amount
The code being opened, whoever finds bugs or some vulnerability in the code, the reward will also be high? For example, I find a vulnerability in popular open source software developed by Secure, so the award will be high?
|
|
|
|
secureplanetio (OP)
Newbie
Offline
Activity: 48
Merit: 0
|
|
December 11, 2018, 03:35:48 AM |
|
Will the incentive for new vulnerability discoveries, the award, or the amount of tokens to be gained, be consistent with the complexity of the vulnerability encountered?
The amount of tokens Secure Planet awards to contributors will vary depending on each individual case. Two major factors will determine the amount of awarded tokens. They are as follows: - Popularity of the open source software containing the vulnerability - the higher the usage and/or adoption rate of the open source project, the higher the token amount
- Vulnerability severity ranking - the more critical the vulnerability, the higher the token amount
The code being opened, whoever finds bugs or some vulnerability in the code, the reward will also be high? For example, I find a vulnerability in popular open source software developed by Secure, so the award will be high? The bounty price is determined by the usage level of the open source project that contains the reported vulnerability. The more widely the open source project is used, the higher the bounty price of the associated vulnerability. In addition to the bounty, reporters may also receive a severity bonus. This additional remuneration will be awarded based on the severity and impact levels of the submitted vulnerability, determined by Secure Planet’s verifying community.
|
|
|
|
|
|
|
|
|